Auditing and Accreditation 5 

Mission

The stated mission of The Institute of Internal Auditors is to provide “dynamic leadership” for the global profession of internal auditing. This includes:

  • Advocating and promoting the value that internal audit professionals add to their organizations;
  • Providing comprehensive professional education and development opportunities; standards and other professional practice guidance; and certification programs;
  • Researching, disseminating, and promoting to practitioners and stakeholders knowledge concerning internal auditing and its appropriate role in control, risk management, and governance;
  • Educating practitioners and other relevant audiences on best practices in internal auditing;
  • Bringing together internal auditors from all countries to share information and experiences.

The critical role of the IIA in establishing a corporate conscience for internal auditors has been explored by Kapoor and Brozzetti in the CPA Journal.

The IIA’s annual report, Pulse of Internal Audit, is based on a survey of over 500 internal audit executives and identifies key risk areas. In 2019, those risk areas were:

  • Cybersecurity and data protection
  • Third-party risks
  • Emerging and atypical risks
  • Board and management activity

History

Established in 1941, the IIA today serves more than 200,000 members from more than 170 countries and territories. The IIA’s global headquarters are in Lake Mary, FL, United States. Anthony Pugliese is the President and CEO. Pugliese succeeded Richard Chambers in 2021. Previously, Pugliese was President and CEO of CalCPA.

Professional certification

The Certified Internal Auditor (CIA) is the primary professional designation offered by The IIA. The CIA designation is a globally recognized certification for internal auditors and is a standard by which individuals may demonstrate their competency and professionalism in the internal audit field. In order to become a certified internal auditor, candidates must possess a four-year degree from an accredited institution as well as pass all three parts of the CIA exam.

Earning the CIA certification is intended to demonstrate a professional knowledge of the internal audit profession. CIAs are required to take continuing education courses.

Many CIAs today are senior internal audit managers, vice presidents, directors and chief audit executives at top global multinational companies, driving the internal audit functions in their respective companies. The first CIA exam was given in 1974. Through December 31, 2019, over 165,000 CIAs have been awarded.

Internal auditors who take and pass the CIA Part One exam can earn the designation of Internal Audit Practitioner. In 2019, the IIA announced it would be changing the Internal Audit Practitioner program. The program changes include a new exam and waiving of the educational requirement for active Internal Audit Practitioner designation holders applying for the CIA program. The changes go into effect in 2020.

Other certifications

In 2019, the IIA announced plans to change its Certification in Risk Management Assurance (CRMA) program. The CRMA changes go into effect in October 2020, and will include a new exam and updated prerequisites and experience requirements.

  • Certification in Risk Management Assurance (CRMA)
  • Qualification in Internal Audit Leadership (QIAL)
  • Internal Audit Practitioner (IAP)
  • Certification in Control Self Assessment (CCSA)
  • Certified Government Auditing Professional (CGAP), for Government performance auditing and Government Auditors
  • Certified Financial Services Auditor (CFSA)

Professional standards

The IIA has two levels of professional guidance: (1) Mandatory Guidance (including the Standards) and (2) Strongly Recommended Guidance. The two levels of guidance constitute the IIA’s International Professional Practices Framework (IPPF).

Mandatory guidance

The definition of internal auditing, the Code of Ethics and the Standards are mandatory for IIA members and for internal audit organizations around the world that claim to complete audits to IIA technical standards. The guidelines and recommendations are recorded in what is referred to as the “Red Book.”

  • The Definition: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
  • The four principles of the IIA’s Code of Ethics are Integrity, Objectivity, Confidentiality and Competency.

A financial audit is conducted to provide an opinion whether “financial statements” (the information is verified to the extent of reasonable assurance granted) are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

The audit opinion is intended to provide reasonable assurance, but not absolute assurance, that the financial statements are presented fairly, in all material respects, and/or give a true and fair view in accordance with the financial reporting framework. The purpose of an audit is to provide an objective independent examination of the financial statements, which increases the value and credibility of the financial statements produced by management, thus increasing user confidence in the financial statements, reducing investor risk and consequently reducing the cost of capital of the preparer of the financial statements.

In accordance with the US Generally Accepted Accounting Principles (US GAAP), auditors must release an opinion on the overall financial statements in the auditor’s report. Auditors can release three types of statements other than an unqualified/unmodified opinion. The unqualified auditor’s opinion is the opinion that the financial statements are presented fairly. A qualified opinion is that the financial statements are presented fairly in all material respects in accordance with US GAAP, except for a material misstatement that does not, however, pervasively affect the user’s ability to rely on the financial statements. A qualified opinion can also be issued for a scope limitation that is of limited significance. Further, the auditor can instead issue a disclaimer, because there is insufficient appropriate evidence to form an opinion or because of a lack of independence. In a disclaimer the auditor explains the reasons for withholding an opinion and explicitly indicates that no opinion is expressed. Finally, an adverse audit opinion is issued when the financial statements do not present fairly due to a departure from US GAAP and the departure materially affects the financial statements overall. In an adverse auditor’s report the auditor must explain the nature and size of the misstatement and must state the opinion that the financial statements do not present fairly in accordance with US GAAP.

Financial audits are typically performed by firms of practicing accountants who are experts in financial reporting. The financial audit is one of many assurance functions provided by accounting firms. Many organizations separately employ or hire internal auditors, who do not attest to financial reports but focus mainly on the internal controls of the organization. External auditors may choose to place limited reliance on the work of internal auditors. Auditing promotes transparency and accuracy in the financial disclosures made by an organization, and is therefore likely to reduce the concealment of unscrupulous dealings by such organizations.

Internationally, the International Standards on Auditing (ISA) issued by the International Auditing and Assurance Standards Board (IAASB) are considered the benchmark for the audit process. Almost all jurisdictions require auditors to follow the ISA or a local variation of the ISA.

Financial audits exist to add credibility to the implied assertion by an organization’s management that its financial statements fairly represent the organization’s position and performance to the firm’s stakeholders. The principal stakeholders of a company are typically its shareholders, but other parties such as tax authorities, banks, regulators, suppliers, customers and employees may also have an interest in knowing that the financial statements are presented fairly, in all material aspects. An audit is not designed to provide absolute assurance, being based on sampling and not the testing of all transactions and balances; rather, it is designed to reduce the risk of a material financial statement misstatement, whether caused by fraud or error. A misstatement is defined in ISA 450 as an error, omitted disclosure or inappropriate accounting policy. A “material” misstatement is an error or omission that would affect the users’ decisions. Audits exist because they add value through easing the cost of information asymmetry and reducing information risk, not because they are required by law (note: audits are obligatory in many EU member states and in many jurisdictions are obligatory for companies listed on public stock exchanges). For the collection and accumulation of audit evidence, certain methods and means generally adopted by auditors are:

  1. Posting checking
  2. Testing the existence and effectiveness of management controls that prevent financial statement misstatement
  3. Casting checking
  4. Physical examination and count
  5. Confirmation
  6. Inquiry
  7. Observation
  8. Inspection
  9. Year-end scrutiny
  10. Re-computation
  11. Tracing in subsequent period
  12. Bank reconciliation
  13. Vouching
  14. Verification of existence, ownership, title and value of assets and determination of the extent and nature of liabilities

Financial audit is a profession known for its male dominance. According to the latest survey, 70–80% of financial auditors are male, with 2% being female and the rest being a mixture of both (Bader, 2018).

The Big Four

Greenwood et al. (1990) defined the audit firm as, “a professional partnership that has a decentralized organization relationship between the national head office and local offices”. Local offices can make most of the managerial decisions except for the drawing up of professional standards and maintaining them.

The Big Four are the four largest international professional services networks, offering audit, assurance, tax, consulting, advisory, actuarial, corporate finance, and legal services. They handle the vast majority of audits for publicly traded companies as well as many private companies, creating an oligopoly in auditing large companies. It is reported that the Big Four audit 99% of the companies in the FTSE 100, and 96% of the companies in the FTSE 250 Index, an index of the leading mid-cap listed companies.

The Big Four firms are shown below, with their latest publicly available data. None of the Big Four firms is a single firm; rather, they are professional services networks. Each is a network of firms, owned and managed independently, which have entered into agreements with other member firms in the network to share a common name, brand and quality standards. Each network has established an entity to co-ordinate the activities of the network. In one case (KPMG), the co-ordinating entity is Swiss, and in three cases (Deloitte Touche Tohmatsu, PricewaterhouseCoopers and Ernst & Young) the co-ordinating entity is a UK limited company. Those entities do not themselves perform external professional services, and do not own or control the member firms. They are similar to law firm networks found in the legal profession. In many cases each member firm practices in a single country, and is structured to comply with the regulatory environment in that country. In 2007 KPMG announced a merger of four member firms (in the United Kingdom, Germany, Switzerland and Liechtenstein) to form a single firm. Ernst & Young also includes separate legal entities which manage three of its four areas: Americas, EMEIA (Europe, the Middle East, India and Africa), and Asia-Pacific (note: the Japan area does not have a separate area management entity). These firms coordinate services performed by local firms within their respective areas but do not perform services or hold ownership in the local entities.

This group was once known as the “Big Eight”, and was reduced to the “Big Six” and then “Big Five” by a series of mergers. The Big Five became the Big Four after the demise of Arthur Andersen in 2002, following its involvement in the Enron scandal.